Multi Hidden Markov Models for Improved Anomaly Detection Using System Call Analysis
Shraddha Suratkar, F. Kazi, R. Gaikwad, Akshay Shete, Raj Kabra, Shantanu Khirsagar
2019 IEEE Bombay Section Signature Conference (IBSSC), published 2019-07-01
DOI: 10.1109/IBSSC47189.2019.8973098 (https://doi.org/10.1109/IBSSC47189.2019.8973098)
Citations: 6
Abstract
Intrusion Detection Systems are used for detecting attacks on a system. A host-based intrusion detection system (HIDS) detects ongoing attacks on a host system. A HIDS model is proposed using System Call Analysis, consisting of two modules: an Anomaly Detection module and a Multi-HMM module for state prediction. The Anomaly Detection module uses the Long Short-Term Memory (LSTM) architecture, a special type of Recurrent Neural Network, to detect anomalies in system call traces. It models the normal behaviour of the system using system call patterns, which enables it to detect even ‘zero-day’ attacks. The State Prediction module is based on Multiple Hidden Markov Models (Multi-HMM), in which each HMM models a known attack. It takes a sequence of system calls as input and predicts the next ‘N’ most probable system calls during the attack. After a number of experiments, the results show that the model has a high recognition rate and a low false alarm rate.
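The Multi-HMM state-prediction step described above, as an added example that is not the authors' code: each known attack is a small discrete HMM over a system-call alphabet, the scaled forward algorithm scores an observed trace under every model, and the best-scoring model's posterior yields the N most probable next calls. The call alphabet, the two attack models and their parameters, and the traces are all constructed toy data.

```python
# Multi-HMM state prediction over system call traces, as sketched in the abstract.
# Added example, not the authors' code: alphabet, attack models and traces are constructed.
from math import log
SYSCALLS = ["open", "read", "write", "close", "execve", "socket", "connect"]
IDX = {s: i for i, s in enumerate(SYSCALLS)}

class HMM:
    """Discrete HMM: start probs pi, transitions A[i][j], emissions B[state][call]."""
    def __init__(self, name, pi, A, B):
        self.name, self.pi, self.A, self.B = name, pi, A, B
    def forward(self, trace):
        """Scaled forward pass: (log-likelihood, posterior over hidden states after the
        last call), or (-inf, None) if this model cannot have produced the trace."""
        n = len(self.pi)
        alpha = [self.pi[i] * self.B[i][IDX[trace[0]]] for i in range(n)]
        loglik = 0.0
        for t, call in enumerate(trace):
            if t > 0:  # propagate through A, then weight by this call's emission
                alpha = [sum(alpha[i] * self.A[i][j] for i in range(n))
                         * self.B[j][IDX[call]] for j in range(n)]
            scale = sum(alpha)
            if scale == 0.0:
                return float("-inf"), None
            alpha = [a / scale for a in alpha]  # per-step normalisation avoids underflow
            loglik += log(scale)
        return loglik, alpha
    def next_call_distribution(self, posterior):
        """P(next call) = sum_i posterior[i] * sum_j A[i][j] * B[j][call]."""
        dist = [0.0] * len(SYSCALLS)
        for i, p in enumerate(posterior):
            for j, a in enumerate(self.A[i]):
                for o in range(len(SYSCALLS)):
                    dist[o] += p * a * self.B[j][o]
        return dist

# Constructed attack models; state 0 = local file access, state 1 = network / process spawn.
EXFIL = HMM("exfil", [1.0, 0.0], [[0.5, 0.5], [0.2, 0.8]],
            [[0.3, 0.5, 0.0, 0.2, 0.0, 0.0, 0.0], [0.0, 0.0, 0.4, 0.1, 0.0, 0.3, 0.2]])
SPAWN = HMM("spawn", [1.0, 0.0], [[0.6, 0.4], [0.5, 0.5]],
            [[0.4, 0.4, 0.0, 0.2, 0.0, 0.0, 0.0], [0.0, 0.0, 0.0, 0.3, 0.7, 0.0, 0.0]])

def predict_next_calls(models, trace, top_n):
    """Best-matching attack name and its top_n most probable next calls; (None, [])
    when no known-attack HMM explains the trace (that is the anomaly module's job)."""
    (_, posterior), best = max(((m.forward(trace), m) for m in models),
                               key=lambda s: s[0][0])
    if posterior is None:
        return None, []
    dist = best.next_call_distribution(posterior)
    ranked = sorted(range(len(SYSCALLS)), key=lambda o: -dist[o])
    return best.name, [SYSCALLS[o] for o in ranked[:top_n]]
```

A trace that none of the known-attack models can emit comes back as (None, []), which is where the LSTM anomaly detector, not the Multi-HMM module, has to decide whether the behaviour is abnormal.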